CVE-2020-1717

Information Exposure Through an Error Message in maven/org.keycloak/keycloak-server-spi-private

Identifiers

CVE-2020-1717

Package Slug

maven/org.keycloak/keycloak-server-spi-private

Vulnerability

Information Exposure Through an Error Message

Description

Keycloak suffers from an information disclosure through an error message. A logged in user can do an account email enumeration attack.

Affected Versions

Version 7.0.1

Solution

Upgrade to version 8.0.0 or above.

Last Modified

2021-02-19

source